Tuesday, May 15, 2012

Control HTTP redirects with NoRedirect

Web application technologies were designed and developed to share documents between trusted user groups. The advent and growth of the Internet took them to a higher level. Security is now being integrated into an already developed infrastructure, so it can't be foolproof all the time.

The NoRedirect add-on is a must-have tool if you are into web application penetration testing. As with any other exploit, the level of impact is limited only by your imagination. HTTP redirects are used to send users from one page to another, and this can happen for various reasons. For example, a user who does not have permission to access a particular page is redirected to a login page. The origin page might contain confidential information or configuration details, or it might be an administrative webpage.

Using this tool is very simple: all you have to do is make a rule. For example, if you want to disable all HTTP redirects on getmantra.com, you can do it by adding the following rule to the NoRedirect tool:

^http://getmantra.com/

You can see a video below where the NoRedirect extension is used to access the administrative page of a popular Content Management System.

On the video page you can get the links to the vulnerable application so that you can do it yourself. From now on, make this test an essential part of your security auditing.
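The same audit can be scripted against an application you are responsible for. The following is an added example, not code from NoRedirect or from the original post: it requests a page without following the redirect and flags any 3xx response that still carries a body. The demo app, its `/leaky` and `/fixed` routes, the sample page content and the `max_body` threshold are all assumptions constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample content standing in for a protected page.
ADMIN_HTML = b"<h1>Admin panel</h1><p>db_password=constructed-sample</p>"

class DemoApp(BaseHTTPRequestHandler):
    """Constructed sample app: both routes redirect anonymous users to /login."""
    def do_GET(self):
        # /leaky sets Location but still renders the page (the flaw);
        # /fixed stops after the redirect and sends an empty body.
        body = ADMIN_HTML if self.path == "/leaky" else b""
        self.send_response(302)
        self.send_header("Location", "/login")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def check_redirect_body(host, port, path, max_body=0):
    """Request path without following redirects; report any body sent with a 3xx."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)  # http.client never follows redirects
        resp = conn.getresponse()
        body = resp.read()
    finally:
        conn.close()
    is_redirect = 300 <= resp.status < 400
    return {"path": path, "status": resp.status,
            "location": resp.getheader("Location"),
            "body_bytes": len(body),
            "leaks": is_redirect and len(body) > max_body}

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), DemoApp)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        return [check_redirect_body("127.0.0.1", port, p) for p in ("/leaky", "/fixed")]
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for result in run_demo():
        print(result)
```

Many frameworks send a short "redirecting" stub with a 3xx, so raise `max_body` to just above that stub's size when checking a real application. The fix on the server side is to stop processing the request as soon as the redirect is issued.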
